import { getLogger, withContext } from "jsr:@logtape/logtape@^0.7.1"; import { handleNodeInfo, handleNodeInfoJrd } from "../nodeinfo/handler.ts"; import { type AuthenticatedDocumentLoaderFactory, type DocumentLoader, fetchDocumentLoader, getAuthenticatedDocumentLoader, kvCache, } from "../runtime/docloader.ts"; import { verifyRequest } from "../sig/http.ts"; import { exportJwk, importJwk, validateCryptoKey } from "../sig/key.ts"; import { hasSignature, signJsonLd } from "../sig/ld.ts"; import { getKeyOwner } from "../sig/owner.ts"; import { signObject } from "../sig/proof.ts"; import type { Actor, Recipient } from "../vocab/actor.ts"; import { lookupObject, type LookupObjectOptions, traverseCollection, type TraverseCollectionOptions, } from "../vocab/lookup.ts"; import { Activity, type Collection, CryptographicKey, type Hashtag, type Like, type Link, Multikey, type Object, } from "../vocab/vocab.ts"; import { handleWebFinger } from "../webfinger/handler.ts"; import type { ActorDispatcher, ActorHandleMapper, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCounter, CollectionCursor, CollectionDispatcher, InboxErrorHandler, InboxListener, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectDispatcher, OutboxErrorHandler, SharedInboxKeyDispatcher, } from "./callback.ts"; import { buildCollectionSynchronizationHeader } from "./collection.ts"; import type { ActorKeyPair, Context, ForwardActivityOptions, InboxContext, ParseUriResult, RequestContext, SendActivityOptions, } from "./context.ts"; import type { ActorCallbackSetters, CollectionCallbackSetters, Federation, FederationFetchOptions, FederationStartQueueOptions, InboxListenerSetters, ObjectCallbackSetters, } from "./federation.ts"; import { type CollectionCallbacks, handleActor, handleCollection, handleInbox, handleObject, } from "./handler.ts"; import { InboxListenerSet } from "./inbox.ts"; import type { KvKey, KvStore } from "./kv.ts"; import type { MessageQueue } from "./mq.ts"; import type { InboxMessage, Message, OutboxMessage, SenderKeyJwkPair, } from "./queue.ts"; import { createExponentialBackoffPolicy, type RetryPolicy } from "./retry.ts"; import { Router, RouterError } from "./router.ts"; import { extractInboxes, sendActivity, type SenderKeyPair } from "./send.ts"; /** * Options for {@link createFederation} function. * @since 0.10.0 */ export interface CreateFederationOptions { /** * The key-value store used for caching, outbox queues, and inbox idempotence. */ kv: KvStore; /** * Prefixes for namespacing keys in the Deno KV store. By default, all keys * are prefixed with `["_fedify"]`. */ kvPrefixes?: Partial; /** * The message queue for sending activities to recipients' inboxes. * If not provided, activities will not be queued and will be sent * immediately. */ queue?: MessageQueue; /** * Whether to start the task queue manually or automatically. * * If `true`, the task queue will not start automatically and you need to * manually start it by calling the {@link Federation.startQueue} method. * * If `false`, the task queue will start automatically as soon as * the first task is enqueued. * * By default, the queue starts automatically. * * @since 0.12.0 */ manuallyStartQueue?: boolean; /** * A custom JSON-LD document loader. By default, this uses the built-in * cache-backed loader that fetches remote documents over HTTP(S). */ documentLoader?: DocumentLoader; /** * A custom JSON-LD context loader. By default, this uses the same loader * as the document loader. */ contextLoader?: DocumentLoader; /** * A factory function that creates an authenticated document loader for a * given identity. This is used for fetching documents that require * authentication. */ authenticatedDocumentLoaderFactory?: AuthenticatedDocumentLoaderFactory; /** * Whether to allow fetching private network addresses in the document loader. * * If turned on, {@link CreateFederationOptions.documentLoader}, * {@link CreateFederationOptions.contextLoader}, and * {@link CreateFederationOptions.authenticatedDocumentLoaderFactory} * cannot be configured. * * Mostly useful for testing purposes. *Do not use in production.* * * Turned off by default. */ allowPrivateAddress?: boolean; /** * A callback that handles errors during outbox processing. Note that this * callback can be called multiple times for the same activity, because * the delivery is retried according to the backoff schedule until it * succeeds or reaches the maximum retry count. * * If any errors are thrown in this callback, they are ignored. */ onOutboxError?: OutboxErrorHandler; /** * The time window for verifying HTTP Signatures of incoming requests. If the * request is older or newer than this window, it is rejected. Or if it is * `false`, the request's timestamp is not checked at all. * * By default, the window is an hour. */ signatureTimeWindow?: Temporal.Duration | Temporal.DurationLike | false; /** * Whether to skip HTTP Signatures verification for incoming activities. * This is useful for testing purposes, but should not be used in production. * * By default, this is `false` (i.e., signatures are verified). * @since 0.13.0 */ skipSignatureVerification?: boolean; /** * The retry policy for sending activities to recipients' inboxes. * By default, this uses an exponential backoff strategy with a maximum of * 10 attempts and a maximum delay of 12 hours. * @since 0.12.0 */ outboxRetryPolicy?: RetryPolicy; /** * The retry policy for processing incoming activities. By default, this * uses an exponential backoff strategy with a maximum of 10 attempts and a * maximum delay of 12 hours. * @since 0.12.0 */ inboxRetryPolicy?: RetryPolicy; /** * Whether the router should be insensitive to trailing slashes in the URL * paths. For example, if this option is `true`, `/foo` and `/foo/` are * treated as the same path. Turned off by default. * @since 0.12.0 */ trailingSlashInsensitive?: boolean; } /** * Prefixes for namespacing keys in the Deno KV store. */ export interface FederationKvPrefixes { /** * The key prefix used for storing whether activities have already been * processed or not. `["_fedify", "activityIdempotence"]` by default. */ activityIdempotence: KvKey; /** * The key prefix used for storing remote JSON-LD documents. * `["_fedify", "remoteDocument"]` by default. */ remoteDocument: KvKey; /** * The key prefix used for caching public keys. * `["_fedify", "publicKey"]` by default. * @since 0.12.0 */ publicKey: KvKey; } /** * Create a new {@link Federation} instance. * @param parameters Parameters for initializing the instance. * @returns A new {@link Federation} instance. * @since 0.10.0 */ export function createFederation( options: CreateFederationOptions, ): Federation { return new FederationImpl(options); } export class FederationImpl implements Federation { kv: KvStore; kvPrefixes: FederationKvPrefixes; queue?: MessageQueue; queueStarted: boolean; manuallyStartQueue: boolean; router: Router; nodeInfoDispatcher?: NodeInfoDispatcher; actorCallbacks?: ActorCallbacks; objectCallbacks: Record>; objectTypeIds: Record< string, // deno-lint-ignore no-explicit-any (new (...args: any[]) => Object) & { typeId: URL } >; inboxPath?: string; inboxCallbacks?: CollectionCallbacks< Activity, RequestContext, TContextData, void >; outboxCallbacks?: CollectionCallbacks< Activity, RequestContext, TContextData, void >; followingCallbacks?: CollectionCallbacks< Actor | URL, RequestContext, TContextData, void >; followersCallbacks?: CollectionCallbacks< Recipient, Context, TContextData, URL >; likedCallbacks?: CollectionCallbacks< Like, RequestContext, TContextData, void >; featuredCallbacks?: CollectionCallbacks< Object, RequestContext, TContextData, void >; featuredTagsCallbacks?: CollectionCallbacks< Hashtag, RequestContext, TContextData, void >; inboxListeners?: InboxListenerSet; inboxErrorHandler?: InboxErrorHandler; sharedInboxKeyDispatcher?: SharedInboxKeyDispatcher; documentLoader: DocumentLoader; contextLoader: DocumentLoader; authenticatedDocumentLoaderFactory: AuthenticatedDocumentLoaderFactory; onOutboxError?: OutboxErrorHandler; signatureTimeWindow: Temporal.Duration | Temporal.DurationLike | false; skipSignatureVerification: boolean; outboxRetryPolicy: RetryPolicy; inboxRetryPolicy: RetryPolicy; constructor(options: CreateFederationOptions) { this.kv = options.kv; this.kvPrefixes = { ...({ activityIdempotence: ["_fedify", "activityIdempotence"], remoteDocument: ["_fedify", "remoteDocument"], publicKey: ["_fedify", "publicKey"], } satisfies FederationKvPrefixes), ...(options.kvPrefixes ?? {}), }; this.queue = options.queue; this.queueStarted = false; this.manuallyStartQueue = options.manuallyStartQueue ?? false; this.router = new Router({ trailingSlashInsensitive: options.trailingSlashInsensitive, }); this.router.add("/.well-known/webfinger", "webfinger"); this.router.add("/.well-known/nodeinfo", "nodeInfoJrd"); this.objectCallbacks = {}; this.objectTypeIds = {}; if (options.allowPrivateAddress) { if (options.documentLoader != null) { throw new TypeError( "Cannot set documentLoader with allowPrivateAddress turned on.", ); } else if (options.contextLoader != null) { throw new TypeError( "Cannot set contextLoader with allowPrivateAddress turned on.", ); } else if (options.authenticatedDocumentLoaderFactory != null) { throw new TypeError( "Cannot set authenticatedDocumentLoaderFactory with " + "allowPrivateAddress turned on.", ); } } this.documentLoader = options.documentLoader ?? kvCache({ loader: options.allowPrivateAddress ? (url) => fetchDocumentLoader(url, true) : fetchDocumentLoader, kv: options.kv, prefix: this.kvPrefixes.remoteDocument, }); this.contextLoader = options.contextLoader ?? this.documentLoader; this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? (options.allowPrivateAddress ? (identity) => getAuthenticatedDocumentLoader(identity, true) : getAuthenticatedDocumentLoader); this.onOutboxError = options.onOutboxError; this.signatureTimeWindow = options.signatureTimeWindow ?? { hours: 1 }; this.skipSignatureVerification = options.skipSignatureVerification ?? false; this.outboxRetryPolicy = options.outboxRetryPolicy ?? createExponentialBackoffPolicy(); this.inboxRetryPolicy = options.inboxRetryPolicy ?? createExponentialBackoffPolicy(); } async #startQueue( ctxData: TContextData, signal?: AbortSignal, ): Promise { if (this.queue != null && !this.queueStarted) { const logger = getLogger(["fedify", "federation", "queue"]); logger.debug("Starting a task queue."); this.queueStarted = true; await this.queue?.listen( (msg) => this.#listenQueue(ctxData, msg), { signal }, ); } } #listenQueue(ctxData: TContextData, message: Message): Promise { return withContext({ messageId: message.id }, async () => { if (message.type === "outbox") { await this.#listenOutboxMessage(ctxData, message); } else if (message.type === "inbox") { await this.#listenInboxMessage(ctxData, message); } }); } async #listenOutboxMessage( _: TContextData, message: OutboxMessage, ): Promise { const logger = getLogger(["fedify", "federation", "outbox"]); const logData = { keyIds: message.keys.map((pair) => pair.keyId), inbox: message.inbox, activity: message.activity, activityId: message.activityId, attempt: message.attempt, headers: message.headers, }; const keys: SenderKeyPair[] = []; let rsaKeyPair: SenderKeyPair | null = null; for (const { keyId, privateKey } of message.keys) { const pair: SenderKeyPair = { keyId: new URL(keyId), privateKey: await importJwk(privateKey, "private"), }; if ( rsaKeyPair == null && pair.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5" ) { rsaKeyPair = pair; } keys.push(pair); } try { await sendActivity({ keys, activity: message.activity, activityId: message.activityId, inbox: new URL(message.inbox), headers: new Headers(message.headers), }); } catch (error) { const activity = await Activity.fromJsonLd(message.activity, { contextLoader: this.contextLoader, documentLoader: rsaKeyPair == null ? this.documentLoader : this.authenticatedDocumentLoaderFactory(rsaKeyPair), }); try { this.onOutboxError?.(error as Error, activity); } catch (error) { logger.error( "An unexpected error occurred in onError handler:\n{error}", { ...logData, error }, ); } const delay = this.outboxRetryPolicy({ elapsedTime: Temporal.Instant.from(message.started).until( Temporal.Now.instant(), ), attempts: message.attempt, }); if (delay != null) { logger.error( "Failed to send activity {activityId} to {inbox} (attempt " + "#{attempt}); retry...:\n{error}", { ...logData, error }, ); this.queue?.enqueue( { ...message, attempt: message.attempt + 1, } satisfies OutboxMessage, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay, }, ); } else { logger.error( "Failed to send activity {activityId} to {inbox} after {attempt} " + "attempts; giving up:\n{error}", { ...logData, error }, ); } return; } logger.info( "Successfully sent activity {activityId} to {inbox}.", { ...logData }, ); } async #listenInboxMessage( ctxData: TContextData, message: InboxMessage, ): Promise { const logger = getLogger(["fedify", "federation", "inbox"]); const baseUrl = new URL(message.baseUrl); let context = this.#createContext(baseUrl, ctxData); if (message.identifier != null) { context = this.#createContext(baseUrl, ctxData, { documentLoader: await context.getDocumentLoader({ identifier: message.identifier, }), }); } else if (this.sharedInboxKeyDispatcher != null) { const identity = await this.sharedInboxKeyDispatcher(context); if (identity != null) { context = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity), }); } } const activity = await Activity.fromJsonLd(message.activity, context); const cacheKey = activity.id == null ? null : [ ...this.kvPrefixes.activityIdempotence, activity.id.href, ] satisfies KvKey; if (cacheKey != null) { const cached = await this.kv.get(cacheKey); if (cached === true) { logger.debug("Activity {activityId} has already been processed.", { activityId: activity.id?.href, activity: message.activity, recipient: message.identifier, }); return; } } const listener = this.inboxListeners?.dispatch(activity); if (listener == null) { logger.error( "Unsupported activity type:\n{activity}", { activityId: activity.id?.href, activity: message.activity, recipient: message.identifier, trial: message.attempt, }, ); return; } try { await listener( context.toInboxContext(message.identifier, message.activity), activity, ); } catch (error) { try { await this.inboxErrorHandler?.(context, error as Error); } catch (error) { logger.error( "An unexpected error occurred in inbox error handler:\n{error}", { error, trial: message.attempt, activityId: activity.id?.href, activity: message.activity, recipient: message.identifier, }, ); } const delay = this.inboxRetryPolicy({ elapsedTime: Temporal.Instant.from(message.started).until( Temporal.Now.instant(), ), attempts: message.attempt, }); if (delay != null) { logger.error( "Failed to process the incoming activity {activityId} (attempt " + "#{attempt}); retry...:\n{error}", { error, attempt: message.attempt, activityId: activity.id?.href, activity: message.activity, recipient: message.identifier, }, ); this.queue?.enqueue( { ...message, attempt: message.attempt + 1, } satisfies InboxMessage, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay, }, ); } else { logger.error( "Failed to process the incoming activity {activityId} after " + "{trial} attempts; giving up:\n{error}", { error, activityId: activity.id?.href, activity: message.activity, recipient: message.identifier, }, ); } return; } if (cacheKey != null) { await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }), }); } logger.info( "Activity {activityId} has been processed.", { activityId: activity.id?.href, activity: message.activity, recipient: message.identifier, }, ); } startQueue( contextData: TContextData, options: FederationStartQueueOptions = {}, ): Promise { return this.#startQueue(contextData, options.signal); } createContext(baseUrl: URL, contextData: TContextData): Context; createContext( request: Request, contextData: TContextData, ): RequestContext; createContext( urlOrRequest: Request | URL, contextData: TContextData, ): Context { return urlOrRequest instanceof Request ? this.#createContext(urlOrRequest, contextData) : this.#createContext(urlOrRequest, contextData); } #createContext( baseUrl: URL, contextData: TContextData, opts?: { documentLoader?: DocumentLoader }, ): ContextImpl; #createContext( request: Request, contextData: TContextData, opts?: { documentLoader?: DocumentLoader; invokedFromActorDispatcher?: { identifier: string }; invokedFromObjectDispatcher?: { // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => Object) & { typeId: URL }; values: Record; }; }, ): RequestContextImpl; #createContext( urlOrRequest: Request | URL, contextData: TContextData, opts: { documentLoader?: DocumentLoader; invokedFromActorDispatcher?: { identifier: string }; invokedFromObjectDispatcher?: { // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => Object) & { typeId: URL }; values: Record; }; } = {}, ): ContextImpl | RequestContextImpl { const request = urlOrRequest instanceof Request ? urlOrRequest : null; const url = urlOrRequest instanceof URL ? new URL(urlOrRequest) : new URL(urlOrRequest.url); if (request == null) { url.pathname = "/"; url.hash = ""; url.search = ""; } const ctxOptions: ContextOptions = { url, federation: this, data: contextData, documentLoader: opts.documentLoader ?? this.documentLoader, }; if (request == null) return new ContextImpl(ctxOptions); return new RequestContextImpl({ ...ctxOptions, request, invokedFromActorDispatcher: opts.invokedFromActorDispatcher, invokedFromObjectDispatcher: opts.invokedFromObjectDispatcher, }); } setNodeInfoDispatcher( path: string, dispatcher: NodeInfoDispatcher, ) { if (this.router.has("nodeInfo")) { throw new RouterError("NodeInfo dispatcher already set."); } const variables = this.router.add(path, "nodeInfo"); if (variables.size !== 0) { throw new RouterError( "Path for NodeInfo dispatcher must have no variables.", ); } this.nodeInfoDispatcher = dispatcher; } setActorDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: ActorDispatcher, ): ActorCallbackSetters { if (this.router.has("actor")) { throw new RouterError("Actor dispatcher already set."); } const variables = this.router.add(path, "actor"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for actor dispatcher must have one variable: {identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "actor"]).warn( "The {{handle}} variable in the actor dispatcher path is deprecated. " + "Use {{identifier}} instead.", ); } const callbacks: ActorCallbacks = { dispatcher: async (context, identifier) => { const actor = await dispatcher(context, identifier); if (actor == null) return null; const logger = getLogger(["fedify", "federation", "actor"]); if (actor.id == null) { logger.warn( "Actor dispatcher returned an actor without an id property. " + "Set the property with Context.getActorUri(identifier).", ); } else if (actor.id.href != context.getActorUri(identifier).href) { logger.warn( "Actor dispatcher returned an actor with an id property that " + "does not match the actor URI. Set the property with " + "Context.getActorUri(identifier).", ); } if ( this.followingCallbacks != null && this.followingCallbacks.dispatcher != null ) { if (actor.followingId == null) { logger.warn( "You configured a following collection dispatcher, but the " + "actor does not have a following property. Set the property " + "with Context.getFollowingUri(identifier).", ); } else if ( actor.followingId.href != context.getFollowingUri(identifier).href ) { logger.warn( "You configured a following collection dispatcher, but the " + "actor's following property does not match the following " + "collection URI. Set the property with " + "Context.getFollowingUri(identifier).", ); } } if ( this.followersCallbacks != null && this.followersCallbacks.dispatcher != null ) { if (actor.followersId == null) { logger.warn( "You configured a followers collection dispatcher, but the " + "actor does not have a followers property. Set the property " + "with Context.getFollowersUri(identifier).", ); } else if ( actor.followersId.href != context.getFollowersUri(identifier).href ) { logger.warn( "You configured a followers collection dispatcher, but the " + "actor's followers property does not match the followers " + "collection URI. Set the property with " + "Context.getFollowersUri(identifier).", ); } } if ( this.outboxCallbacks != null && this.outboxCallbacks.dispatcher != null ) { if (actor?.outboxId == null) { logger.warn( "You configured an outbox collection dispatcher, but the " + "actor does not have an outbox property. Set the property " + "with Context.getOutboxUri(identifier).", ); } else if ( actor.outboxId.href != context.getOutboxUri(identifier).href ) { logger.warn( "You configured an outbox collection dispatcher, but the " + "actor's outbox property does not match the outbox collection " + "URI. Set the property with Context.getOutboxUri(identifier).", ); } } if ( this.likedCallbacks != null && this.likedCallbacks.dispatcher != null ) { if (actor?.likedId == null) { logger.warn( "You configured a liked collection dispatcher, but the " + "actor does not have a liked property. Set the property " + "with Context.getLikedUri(identifier).", ); } else if ( actor.likedId.href != context.getLikedUri(identifier).href ) { logger.warn( "You configured a liked collection dispatcher, but the " + "actor's liked property does not match the liked collection " + "URI. Set the property with Context.getLikedUri(identifier).", ); } } if ( this.featuredCallbacks != null && this.featuredCallbacks.dispatcher != null ) { if (actor?.featuredId == null) { logger.warn( "You configured a featured collection dispatcher, but the " + "actor does not have a featured property. Set the property " + "with Context.getFeaturedUri(identifier).", ); } else if ( actor.featuredId.href != context.getFeaturedUri(identifier).href ) { logger.warn( "You configured a featured collection dispatcher, but the " + "actor's featured property does not match the featured collection " + "URI. Set the property with Context.getFeaturedUri(identifier).", ); } } if ( this.featuredTagsCallbacks != null && this.featuredTagsCallbacks.dispatcher != null ) { if (actor?.featuredTagsId == null) { logger.warn( "You configured a featured tags collection dispatcher, but the " + "actor does not have a featuredTags property. Set the property " + "with Context.getFeaturedTagsUri(identifier).", ); } else if ( actor.featuredTagsId.href != context.getFeaturedTagsUri(identifier).href ) { logger.warn( "You configured a featured tags collection dispatcher, but the " + "actor's featuredTags property does not match the featured tags " + "collection URI. Set the property with " + "Context.getFeaturedTagsUri(identifier).", ); } } if (this.router.has("inbox")) { if (actor.inboxId == null) { logger.warn( "You configured inbox listeners, but the actor does not " + "have an inbox property. Set the property with " + "Context.getInboxUri(identifier).", ); } else if ( actor.inboxId.href != context.getInboxUri(identifier).href ) { logger.warn( "You configured inbox listeners, but the actor's inbox " + "property does not match the inbox URI. Set the property " + "with Context.getInboxUri(identifier).", ); } if (actor.endpoints == null || actor.endpoints.sharedInbox == null) { logger.warn( "You configured inbox listeners, but the actor does not have " + "a endpoints.sharedInbox property. Set the property with " + "Context.getInboxUri().", ); } else if ( actor.endpoints.sharedInbox.href != context.getInboxUri().href ) { logger.warn( "You configured inbox listeners, but the actor's " + "endpoints.sharedInbox property does not match the shared inbox " + "URI. Set the property with Context.getInboxUri().", ); } } if (callbacks.keyPairsDispatcher != null) { if (actor.publicKeyId == null) { logger.warn( "You configured a key pairs dispatcher, but the actor does " + "not have a publicKey property. Set the property with " + "Context.getActorKeyPairs(identifier).", ); } if (actor.assertionMethodId == null) { logger.warn( "You configured a key pairs dispatcher, but the actor does " + "not have an assertionMethod property. Set the property " + "with Context.getActorKeyPairs(identifier).", ); } } return actor; }, }; this.actorCallbacks = callbacks; const setters: ActorCallbackSetters = { setKeyPairsDispatcher(dispatcher: ActorKeyPairsDispatcher) { callbacks.keyPairsDispatcher = dispatcher; return setters; }, mapHandle(mapper: ActorHandleMapper) { callbacks.handleMapper = mapper; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: `${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}`, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters; setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: `${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}`, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters; setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: `${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}`, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters; setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: `${string}{${TParam}}${string}{${TParam}}${string}{${TParam}}${string}`, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters; setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: `${string}{${TParam}}${string}{${TParam}}${string}`, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters; setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: `${string}{${TParam}}${string}`, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters; setObjectDispatcher( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, path: string, dispatcher: ObjectDispatcher, ): ObjectCallbackSetters { const routeName = `object:${cls.typeId.href}`; if (this.router.has(routeName)) { throw new RouterError(`Object dispatcher for ${cls.name} already set.`); } const variables = this.router.add(path, routeName); if (variables.size < 1) { throw new RouterError( "Path for object dispatcher must have at least one variable.", ); } const callbacks: ObjectCallbacks = { dispatcher, parameters: variables as unknown as Set, }; this.objectCallbacks[cls.typeId.href] = callbacks; this.objectTypeIds[cls.typeId.href] = cls; const setters: ObjectCallbackSetters = { authorize(predicate: ObjectAuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setInboxDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Activity, RequestContext, TContextData, void >, ): CollectionCallbackSetters< RequestContext, TContextData, void > { if (this.inboxCallbacks != null) { throw new RouterError("Inbox dispatcher already set."); } if (this.router.has("inbox")) { if (this.inboxPath !== path) { throw new RouterError( "Inbox dispatcher path must match inbox listener path.", ); } } else { const variables = this.router.add(path, "inbox"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for inbox dispatcher must have one variable: {identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "inbox"]).warn( "The {{handle}} variable in the inbox dispatcher path is deprecated. " + "Use {{identifier}} instead.", ); } this.inboxPath = path; } const callbacks: CollectionCallbacks< Activity, RequestContext, TContextData, void > = { dispatcher }; this.inboxCallbacks = callbacks; const setters: CollectionCallbackSetters< RequestContext, TContextData, void > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setOutboxDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Activity, RequestContext, TContextData, void >, ): CollectionCallbackSetters< RequestContext, TContextData, void > { if (this.router.has("outbox")) { throw new RouterError("Outbox dispatcher already set."); } const variables = this.router.add(path, "outbox"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for outbox dispatcher must have one variable: {identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "outbox"]).warn( "The {{handle}} variable in the outbox dispatcher path is deprecated. " + "Use {{identifier}} instead.", ); } const callbacks: CollectionCallbacks< Activity, RequestContext, TContextData, void > = { dispatcher }; this.outboxCallbacks = callbacks; const setters: CollectionCallbackSetters< RequestContext, TContextData, void > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setFollowingDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Actor | URL, RequestContext, TContextData, void >, ): CollectionCallbackSetters< RequestContext, TContextData, void > { if (this.router.has("following")) { throw new RouterError("Following collection dispatcher already set."); } const variables = this.router.add(path, "following"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for following collection dispatcher must have one variable: " + "{identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "collection"]).warn( "The {{handle}} variable in the following collection dispatcher path " + "is deprecated. Use {{identifier}} instead.", ); } const callbacks: CollectionCallbacks< Actor | URL, RequestContext, TContextData, void > = { dispatcher }; this.followingCallbacks = callbacks; const setters: CollectionCallbackSetters< RequestContext, TContextData, void > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setFollowersDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Recipient, Context, TContextData, URL >, ): CollectionCallbackSetters, TContextData, URL> { if (this.router.has("followers")) { throw new RouterError("Followers collection dispatcher already set."); } const variables = this.router.add(path, "followers"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for followers collection dispatcher must have one variable: " + "{identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "collection"]).warn( "The {{handle}} variable in the followers collection dispatcher path " + "is deprecated. Use {{identifier}} instead.", ); } const callbacks: CollectionCallbacks< Recipient, Context, TContextData, URL > = { dispatcher }; this.followersCallbacks = callbacks; const setters: CollectionCallbackSetters< Context, TContextData, URL > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor, TContextData, URL>, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor, TContextData, URL>, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setLikedDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Like, RequestContext, TContextData, void >, ): CollectionCallbackSetters< RequestContext, TContextData, void > { if (this.router.has("liked")) { throw new RouterError("Liked collection dispatcher already set."); } const variables = this.router.add(path, "liked"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for liked collection dispatcher must have one variable: " + "{identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "collection"]).warn( "The {{handle}} variable in the liked collection dispatcher path " + "is deprecated. Use {{identifier}} instead.", ); } const callbacks: CollectionCallbacks< Like, RequestContext, TContextData, void > = { dispatcher }; this.likedCallbacks = callbacks; const setters: CollectionCallbackSetters< RequestContext, TContextData, void > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setFeaturedDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Object, RequestContext, TContextData, void >, ): CollectionCallbackSetters< RequestContext, TContextData, void > { if (this.router.has("featured")) { throw new RouterError("Featured collection dispatcher already set."); } const variables = this.router.add(path, "featured"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for featured collection dispatcher must have one variable: " + "{identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "collection"]).warn( "The {{handle}} variable in the featured collection dispatcher path " + "is deprecated. Use {{identifier}} instead.", ); } const callbacks: CollectionCallbacks< Object, RequestContext, TContextData, void > = { dispatcher }; this.featuredCallbacks = callbacks; const setters: CollectionCallbackSetters< RequestContext, TContextData, void > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setFeaturedTagsDispatcher( path: `${string}{identifier}${string}` | `${string}{handle}${string}`, dispatcher: CollectionDispatcher< Hashtag, RequestContext, TContextData, void >, ): CollectionCallbackSetters< RequestContext, TContextData, void > { if (this.router.has("featuredTags")) { throw new RouterError("Featured tags collection dispatcher already set."); } const variables = this.router.add(path, "featuredTags"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for featured tags collection dispatcher must have one " + "variable: {identifier}", ); } if (variables.has("handle")) { getLogger(["fedify", "federation", "collection"]).warn( "The {{handle}} variable in the featured tags collection dispatcher " + "path is deprecated. Use {{identifier}} instead.", ); } const callbacks: CollectionCallbacks< Hashtag, RequestContext, TContextData, void > = { dispatcher }; this.featuredTagsCallbacks = callbacks; const setters: CollectionCallbackSetters< RequestContext, TContextData, void > = { setCounter(counter: CollectionCounter) { callbacks.counter = counter; return setters; }, setFirstCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.firstCursor = cursor; return setters; }, setLastCursor( cursor: CollectionCursor< RequestContext, TContextData, void >, ) { callbacks.lastCursor = cursor; return setters; }, authorize(predicate: AuthorizePredicate) { callbacks.authorizePredicate = predicate; return setters; }, }; return setters; } setInboxListeners( inboxPath: `${string}{identifier}${string}` | `${string}{handle}${string}`, sharedInboxPath?: string, ): InboxListenerSetters { if (this.inboxListeners != null) { throw new RouterError("Inbox listeners already set."); } if (this.router.has("inbox")) { if (this.inboxPath !== inboxPath) { throw new RouterError( "Inbox listener path must match inbox dispatcher path.", ); } } else { const variables = this.router.add(inboxPath, "inbox"); if ( variables.size !== 1 || !(variables.has("identifier") || variables.has("handle")) ) { throw new RouterError( "Path for inbox must have one variable: {identifier}", ); } this.inboxPath = inboxPath; if (variables.has("handle")) { getLogger(["fedify", "federation", "inbox"]).warn( "The {{handle}} variable in the inbox path is deprecated. " + "Use {{identifier}} instead.", ); } } if (sharedInboxPath != null) { const siVars = this.router.add(sharedInboxPath, "sharedInbox"); if (siVars.size !== 0) { throw new RouterError( "Path for shared inbox must have no variables.", ); } } const listeners = this.inboxListeners = new InboxListenerSet(); const setters: InboxListenerSetters = { on( // deno-lint-ignore no-explicit-any type: new (...args: any[]) => TActivity, listener: InboxListener, ): InboxListenerSetters { listeners.add(type, listener as InboxListener); return setters; }, onError: ( handler: InboxErrorHandler, ): InboxListenerSetters => { this.inboxErrorHandler = handler; return setters; }, setSharedKeyDispatcher: ( dispatcher: SharedInboxKeyDispatcher, ): InboxListenerSetters => { this.sharedInboxKeyDispatcher = dispatcher; return setters; }, }; return setters; } async sendActivity( keys: SenderKeyPair[], recipients: Recipient | Recipient[], activity: Activity, options: SendActivityInternalOptions, ): Promise { const logger = getLogger(["fedify", "federation", "outbox"]); const { preferSharedInbox, immediate, excludeBaseUris, collectionSync, contextData, } = options; if (keys.length < 1) { throw new TypeError("The sender's keys must not be empty."); } for (const { privateKey } of keys) { validateCryptoKey(privateKey, "private"); } if (activity.actorId == null) { logger.error( "Activity {activityId} to send does not have an actor.", { activity, activityId: activity?.id?.href }, ); throw new TypeError( "The activity to send must have at least one actor property.", ); } if (activity.id == null) { activity = activity.clone({ id: new URL(`urn:uuid:${crypto.randomUUID()}`), }); } const inboxes = extractInboxes({ recipients: Array.isArray(recipients) ? recipients : [recipients], preferSharedInbox, excludeBaseUris, }); logger.debug("Sending activity {activityId} to inboxes:\n{inboxes}", { inboxes: globalThis.Object.keys(inboxes), activityId: activity.id?.href, activity, }); if (activity.id == null) { throw new TypeError("The activity to send must have an id."); } if (activity.actorId == null) { throw new TypeError( "The activity to send must have at least one actor property.", ); } else if (keys.length < 1) { throw new TypeError("The keys must not be empty."); } const activityId = activity.id.href; let proofCreated = false; let rsaKey: { keyId: URL; privateKey: CryptoKey } | null = null; for (const { keyId, privateKey } of keys) { validateCryptoKey(privateKey, "private"); if (rsaKey == null && privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") { rsaKey = { keyId, privateKey }; continue; } if (privateKey.algorithm.name === "Ed25519") { activity = await signObject(activity, privateKey, keyId, { contextLoader: this.contextLoader, }); proofCreated = true; } } let jsonLd = await activity.toJsonLd({ format: "compact", contextLoader: this.contextLoader, }); if (rsaKey == null) { logger.warn( "No supported key found to create a Linked Data signature for " + "the activity {activityId}. The activity will be sent without " + "a Linked Data signature. In order to create a Linked Data " + "signature, at least one RSASSA-PKCS1-v1_5 key must be provided.", { activityId, keys: keys.map((pair) => ({ keyId: pair.keyId.href, privateKey: pair.privateKey, })), }, ); } else { jsonLd = await signJsonLd(jsonLd, rsaKey.privateKey, rsaKey.keyId, { contextLoader: this.contextLoader, }); } if (!proofCreated) { logger.warn( "No supported key found to create a proof for the activity {activityId}. " + "The activity will be sent without a proof. " + "In order to create a proof, at least one Ed25519 key must be provided.", { activityId, keys: keys.map((pair) => ({ keyId: pair.keyId.href, privateKey: pair.privateKey, })), }, ); } if (immediate || this.queue == null) { if (immediate) { logger.debug( "Sending activity immediately without queue since immediate option " + "is set.", { activityId: activity.id!.href, activity: jsonLd }, ); } else { logger.debug( "Sending activity immediately without queue since queue is not set.", { activityId: activity.id!.href, activity: jsonLd }, ); } const promises: Promise[] = []; for (const inbox in inboxes) { promises.push( sendActivity({ keys, activity: jsonLd, activityId: activity.id?.href, inbox: new URL(inbox), headers: collectionSync == null ? undefined : new Headers({ "Collection-Synchronization": await buildCollectionSynchronizationHeader( collectionSync, inboxes[inbox], ), }), }), ); } await Promise.all(promises); return; } logger.debug( "Enqueuing activity {activityId} to send later.", { activityId: activity.id!.href, activity: jsonLd }, ); const keyJwkPairs: SenderKeyJwkPair[] = []; for (const { keyId, privateKey } of keys) { const privateKeyJwk = await exportJwk(privateKey); keyJwkPairs.push({ keyId: keyId.href, privateKey: privateKeyJwk }); } if (!this.manuallyStartQueue) this.#startQueue(contextData); for (const inbox in inboxes) { const message: OutboxMessage = { type: "outbox", id: crypto.randomUUID(), keys: keyJwkPairs, activity: jsonLd, activityId: activity.id?.href, inbox, started: new Date().toISOString(), attempt: 0, headers: collectionSync == null ? {} : { "Collection-Synchronization": await buildCollectionSynchronizationHeader( collectionSync, inboxes[inbox], ), }, }; this.queue.enqueue(message); } } fetch( request: Request, options: FederationFetchOptions, ): Promise { const requestId = getRequestId(request); return withContext({ requestId }, async () => { const response = await this.#fetch(request, options); const logger = getLogger(["fedify", "federation", "http"]); const url = new URL(request.url); const logTpl = "{method} {path}: {status}"; const values = { method: request.method, path: `${url.pathname}${url.search}`, url: request.url, status: response.status, }; if (response.status >= 500) logger.error(logTpl, values); else if (response.status >= 400) logger.warn(logTpl, values); else logger.info(logTpl, values); return response; }); } async #fetch( request: Request, { onNotFound, onNotAcceptable, onUnauthorized, contextData, }: FederationFetchOptions, ): Promise { onNotFound ??= notFound; onNotAcceptable ??= notAcceptable; onUnauthorized ??= unauthorized; const url = new URL(request.url); const route = this.router.route(url.pathname); if (route == null) { const response = onNotFound(request); return response instanceof Promise ? await response : response; } let context = this.#createContext(request, contextData); const routeName = route.name.replace(/:.*$/, ""); switch (routeName) { case "webfinger": return await handleWebFinger(request, { context, actorDispatcher: this.actorCallbacks?.dispatcher, actorHandleMapper: this.actorCallbacks?.handleMapper, onNotFound, }); case "nodeInfoJrd": return await handleNodeInfoJrd(request, context); case "nodeInfo": return await handleNodeInfo(request, { context, nodeInfoDispatcher: this.nodeInfoDispatcher!, }); case "actor": context = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle, }, }); return await handleActor(request, { identifier: route.values.identifier ?? route.values.handle, context, actorDispatcher: this.actorCallbacks?.dispatcher, authorizePredicate: this.actorCallbacks?.authorizePredicate, onUnauthorized, onNotFound, onNotAcceptable, }); case "object": { const typeId = route.name.replace(/^object:/, ""); const callbacks = this.objectCallbacks[typeId]; const cls = this.objectTypeIds[typeId]; context = this.#createContext(request, contextData, { invokedFromObjectDispatcher: { cls, values: route.values }, }); return await handleObject(request, { values: route.values, context, objectDispatcher: callbacks?.dispatcher, authorizePredicate: callbacks?.authorizePredicate, onUnauthorized, onNotFound, onNotAcceptable, }); } case "outbox": return await handleCollection(request, { name: "outbox", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getOutboxUri.bind(context), context, collectionCallbacks: this.outboxCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); case "inbox": if (request.method !== "POST") { return await handleCollection(request, { name: "inbox", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getInboxUri.bind(context), context, collectionCallbacks: this.inboxCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); } context = this.#createContext(request, contextData, { documentLoader: await context.getDocumentLoader({ identifier: route.values.identifier ?? route.values.handle, }), }); // falls through case "sharedInbox": if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) { const identity = await this.sharedInboxKeyDispatcher(context); if (identity != null) { context = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity), }); } } if (!this.manuallyStartQueue) this.#startQueue(contextData); return await handleInbox(request, { recipient: route.values.identifier ?? route.values.handle ?? null, context, inboxContextFactory: context.toInboxContext.bind(context), kv: this.kv, kvPrefixes: this.kvPrefixes, queue: this.queue, actorDispatcher: this.actorCallbacks?.dispatcher, inboxListeners: this.inboxListeners, inboxErrorHandler: this.inboxErrorHandler, onNotFound, signatureTimeWindow: this.signatureTimeWindow, skipSignatureVerification: this.skipSignatureVerification, }); case "following": return await handleCollection(request, { name: "following", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getFollowingUri.bind(context), context, collectionCallbacks: this.followingCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); case "followers": { let baseUrl = url.searchParams.get("base-url"); if (baseUrl != null) { const u = new URL(baseUrl); baseUrl = `${u.origin}/`; } return await handleCollection(request, { name: "followers", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getFollowersUri.bind(context), context, filter: baseUrl != null ? new URL(baseUrl) : undefined, filterPredicate: baseUrl != null ? ((i) => (i instanceof URL ? i.href : i.id?.href ?? "").startsWith( baseUrl!, )) : undefined, collectionCallbacks: this.followersCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); } case "liked": return await handleCollection(request, { name: "liked", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getLikedUri.bind(context), context, collectionCallbacks: this.likedCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); case "featured": return await handleCollection(request, { name: "featured", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getFeaturedUri.bind(context), context, collectionCallbacks: this.featuredCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); case "featuredTags": return await handleCollection(request, { name: "featured tags", identifier: route.values.identifier ?? route.values.handle, uriGetter: context.getFeaturedTagsUri.bind(context), context, collectionCallbacks: this.featuredTagsCallbacks, onUnauthorized, onNotFound, onNotAcceptable, }); default: { const response = onNotFound(request); return response instanceof Promise ? await response : response; } } } } interface ContextOptions { url: URL; federation: FederationImpl; data: TContextData; documentLoader: DocumentLoader; invokedFromActorKeyPairsDispatcher?: { identifier: string }; } export class ContextImpl implements Context { readonly url: URL; readonly federation: FederationImpl; readonly data: TContextData; readonly documentLoader: DocumentLoader; readonly invokedFromActorKeyPairsDispatcher?: { identifier: string }; constructor( { url, federation, data, documentLoader, invokedFromActorKeyPairsDispatcher, }: ContextOptions, ) { this.url = url; this.federation = federation; this.data = data; this.documentLoader = documentLoader; this.invokedFromActorKeyPairsDispatcher = invokedFromActorKeyPairsDispatcher; } toInboxContext( recipient: string | null, activity: unknown, ): InboxContextImpl { return new InboxContextImpl(recipient, activity, { url: this.url, federation: this.federation, data: this.data, documentLoader: this.documentLoader, invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher, }); } get hostname(): string { return this.url.hostname; } get host(): string { return this.url.host; } get origin(): string { return this.url.origin; } get contextLoader(): DocumentLoader { return this.federation.contextLoader; } getNodeInfoUri(): URL { const path = this.federation.router.build("nodeInfo", {}); if (path == null) { throw new RouterError("No NodeInfo dispatcher registered."); } return new URL(path, this.url); } getActorUri(identifier: string): URL { const path = this.federation.router.build( "actor", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No actor dispatcher registered."); } return new URL(path, this.url); } getObjectUri( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, values: Record, ): URL { const callbacks = this.federation.objectCallbacks[cls.typeId.href]; if (callbacks == null) { throw new RouterError("No object dispatcher registered."); } for (const param of callbacks.parameters) { if (!(param in values)) { throw new TypeError(`Missing parameter: ${param}`); } } const path = this.federation.router.build( `object:${cls.typeId.href}`, values, ); if (path == null) { throw new RouterError("No object dispatcher registered."); } return new URL(path, this.url); } getOutboxUri(identifier: string): URL { const path = this.federation.router.build( "outbox", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No outbox dispatcher registered."); } return new URL(path, this.url); } getInboxUri(): URL; getInboxUri(identifier: string): URL; getInboxUri(identifier?: string): URL { if (identifier == null) { const path = this.federation.router.build("sharedInbox", {}); if (path == null) { throw new RouterError("No shared inbox path registered."); } return new URL(path, this.url); } const path = this.federation.router.build( "inbox", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No inbox path registered."); } return new URL(path, this.url); } getFollowingUri(identifier: string): URL { const path = this.federation.router.build( "following", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No following collection path registered."); } return new URL(path, this.url); } getFollowersUri(identifier: string): URL { const path = this.federation.router.build( "followers", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No followers collection path registered."); } return new URL(path, this.url); } getLikedUri(identifier: string): URL { const path = this.federation.router.build( "liked", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No liked collection path registered."); } return new URL(path, this.url); } getFeaturedUri(identifier: string): URL { const path = this.federation.router.build( "featured", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No featured collection path registered."); } return new URL(path, this.url); } getFeaturedTagsUri(identifier: string): URL { const path = this.federation.router.build( "featuredTags", { identifier, handle: identifier }, ); if (path == null) { throw new RouterError("No featured tags collection path registered."); } return new URL(path, this.url); } parseUri(uri: URL | null): ParseUriResult | null { if (uri == null) return null; if (uri.origin !== this.url.origin) return null; const route = this.federation.router.route(uri.pathname); const logger = getLogger(["fedify", "federation"]); if (route == null) return null; else if (route.name === "sharedInbox") { return { type: "inbox", identifier: undefined, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return undefined; }, }; } const identifier = "identifier" in route.values ? route.values.identifier : route.values.handle; if (route.name === "actor") { return { type: "actor", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name.startsWith("object:")) { const typeId = route.name.replace(/^object:/, ""); return { type: "object", class: this.federation.objectTypeIds[typeId], typeId: new URL(typeId), values: route.values, }; } else if (route.name === "inbox") { return { type: "inbox", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name === "outbox") { return { type: "outbox", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name === "following") { return { type: "following", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name === "followers") { return { type: "followers", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name === "liked") { return { type: "liked", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name === "featured") { return { type: "featured", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } else if (route.name === "featuredTags") { return { type: "featuredTags", identifier, get handle() { logger.warn( "The ParseUriResult.handle property is deprecated; " + "use ParseUriResult.identifier instead.", ); return identifier; }, }; } return null; } async getActorKeyPairs(identifier: string): Promise { const logger = getLogger(["fedify", "federation", "actor"]); if (this.invokedFromActorKeyPairsDispatcher != null) { logger.warn( "Context.getActorKeyPairs({getActorKeyPairsIdentifier}) method is " + "invoked from the actor key pairs dispatcher " + "({actorKeyPairsDispatcherIdentifier}); this may cause " + "an infinite loop.", { getActorKeyPairsIdentifier: identifier, actorKeyPairsDispatcherIdentifier: this.invokedFromActorKeyPairsDispatcher.identifier, }, ); } let keyPairs: (CryptoKeyPair & { keyId: URL })[]; try { keyPairs = await this.getKeyPairsFromIdentifier(identifier); } catch (_) { logger.warn("No actor key pairs dispatcher registered."); return []; } const owner = this.getActorUri(identifier); const result = []; for (const keyPair of keyPairs) { const newPair: ActorKeyPair = { ...keyPair, cryptographicKey: new CryptographicKey({ id: keyPair.keyId, owner, publicKey: keyPair.publicKey, }), multikey: new Multikey({ id: keyPair.keyId, controller: owner, publicKey: keyPair.publicKey, }), }; result.push(newPair); } return result; } protected async getKeyPairsFromIdentifier( identifier: string, ): Promise<(CryptoKeyPair & { keyId: URL })[]> { const logger = getLogger(["fedify", "federation", "actor"]); if (this.federation.actorCallbacks?.keyPairsDispatcher == null) { throw new Error("No actor key pairs dispatcher registered."); } const path = this.federation.router.build( "actor", { identifier, handle: identifier }, ); if (path == null) { logger.warn("No actor dispatcher registered."); return []; } const actorUri = new URL(path, this.url); const keyPairs = await this.federation.actorCallbacks?.keyPairsDispatcher( new ContextImpl({ ...this, invokedFromActorKeyPairsDispatcher: { identifier }, }), identifier, ); if (keyPairs.length < 1) { logger.warn("No key pairs found for actor {identifier}.", { identifier }); } let i = 0; const result = []; for (const keyPair of keyPairs) { result.push({ ...keyPair, keyId: new URL( // For backwards compatibility, the first key is always the #main-key: i == 0 ? `#main-key` : `#key-${i + 1}`, actorUri, ), }); i++; } return result; } protected async getRsaKeyPairFromIdentifier( identifier: string, ): Promise { const keyPairs = await this.getKeyPairsFromIdentifier(identifier); for (const keyPair of keyPairs) { const { privateKey } = keyPair; if ( privateKey.algorithm.name === "RSASSA-PKCS1-v1_5" && (privateKey.algorithm as unknown as { hash: { name: string } }).hash .name === "SHA-256" ) { return keyPair; } } getLogger(["fedify", "federation", "actor"]).warn( "No RSA-PKCS#1-v1.5 SHA-256 key found for actor {identifier}.", { identifier }, ); return null; } getDocumentLoader( identity: | { identifier: string } | { username: string } | { handle: string }, ): Promise; getDocumentLoader(identity: SenderKeyPair): DocumentLoader; getDocumentLoader( identity: | SenderKeyPair | { identifier: string } | { username: string } | { handle: string }, ): DocumentLoader | Promise { if ( "identifier" in identity || "username" in identity || "handle" in identity ) { let identifierPromise: Promise; if ("username" in identity || "handle" in identity) { let username: string; if ("username" in identity) { username = identity.username; } else { username = identity.handle; getLogger(["fedify", "runtime", "docloader"]).warn( 'The "handle" property is deprecated; use "identifier" or ' + '"username" instead.', { identity }, ); } const mapper = this.federation.actorCallbacks?.handleMapper; if (mapper == null) { identifierPromise = Promise.resolve(username); } else { const identifier = mapper(this, username); identifierPromise = identifier instanceof Promise ? identifier : Promise.resolve(identifier); } } else { identifierPromise = Promise.resolve(identity.identifier); } return identifierPromise.then((identifier) => { if (identifier == null) return this.documentLoader; const keyPair = this.getRsaKeyPairFromIdentifier(identifier); return keyPair.then((pair) => pair == null ? this.documentLoader : this.federation.authenticatedDocumentLoaderFactory(pair) ); }); } return this.federation.authenticatedDocumentLoaderFactory(identity); } lookupObject( identifier: string | URL, options: LookupObjectOptions = {}, ): Promise { return lookupObject(identifier, { documentLoader: options.documentLoader ?? this.documentLoader, contextLoader: options.contextLoader ?? this.contextLoader, }); } traverseCollection( collection: Collection, options: TraverseCollectionOptions = {}, ): AsyncIterable { return traverseCollection(collection, { documentLoader: options.documentLoader ?? this.documentLoader, contextLoader: options.contextLoader ?? this.contextLoader, }); } async sendActivity( sender: | SenderKeyPair | SenderKeyPair[] | { identifier: string } | { username: string } | { handle: string }, recipients: Recipient | Recipient[] | "followers", activity: Activity, options: SendActivityOptions = {}, ): Promise { let keys: SenderKeyPair[]; let identifier: string | null = null; if ("identifier" in sender || "username" in sender || "handle" in sender) { if ("identifier" in sender) { identifier = sender.identifier; } else { let username: string; if ("username" in sender) { username = sender.username; } else { username = sender.handle; getLogger(["fedify", "federation", "outbox"]).warn( 'The "handle" property for the sender parameter is deprecated; ' + 'use "identifier" or "username" instead.', { sender }, ); } if (this.federation.actorCallbacks?.handleMapper == null) { identifier = username; } else { const mapped = await this.federation.actorCallbacks.handleMapper( this, username, ); if (mapped == null) { throw new Error( `No actor found for the given username ${ JSON.stringify(username) }.`, ); } identifier = mapped; } } keys = await this.getKeyPairsFromIdentifier(identifier); if (keys.length < 1) { throw new Error( `No key pair found for actor ${JSON.stringify(identifier)}.`, ); } } else if (Array.isArray(sender)) { if (sender.length < 1) { throw new Error("The sender's key pairs are empty."); } keys = sender; } else { keys = [sender]; } const opts: SendActivityInternalOptions = { contextData: this.data, ...options, }; let expandedRecipients: Recipient[]; if (Array.isArray(recipients)) { expandedRecipients = recipients; } else if (recipients === "followers") { if (identifier == null) { throw new Error( 'If recipients is "followers", ' + "sender must be an actor identifier or username.", ); } expandedRecipients = []; for await ( const recipient of this.getFollowers(identifier) ) { expandedRecipients.push(recipient); } const collectionId = this.federation.router.build( "followers", { identifier, handle: identifier }, ); opts.collectionSync = collectionId == null ? undefined : new URL(collectionId, this.url).href; } else { expandedRecipients = [recipients]; } return await this.federation.sendActivity( keys, expandedRecipients, activity, opts, ); } async *getFollowers(identifier: string): AsyncIterable { if (this.federation.followersCallbacks == null) { throw new Error("No followers collection dispatcher registered."); } const result = await this.federation.followersCallbacks.dispatcher( this, identifier, null, ); if (result != null) { for (const recipient of result.items) yield recipient; return; } if (this.federation.followersCallbacks.firstCursor == null) { throw new Error( "No first cursor dispatcher registered for followers collection.", ); } let cursor = await this.federation.followersCallbacks.firstCursor( this, identifier, ); while (cursor != null) { const result = await this.federation.followersCallbacks.dispatcher( this, identifier, cursor, ); if (result == null) break; for (const recipient of result.items) yield recipient; cursor = result.nextCursor ?? null; } } } interface RequestContextOptions extends ContextOptions { request: Request; invokedFromActorDispatcher?: { identifier: string }; invokedFromObjectDispatcher?: { // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => Object) & { typeId: URL }; values: Record; }; } class RequestContextImpl extends ContextImpl implements RequestContext { readonly #invokedFromActorDispatcher?: { identifier: string }; readonly #invokedFromObjectDispatcher?: { // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => Object) & { typeId: URL }; values: Record; }; readonly request: Request; override readonly url: URL; constructor(options: RequestContextOptions) { super(options); this.#invokedFromActorDispatcher = options.invokedFromActorDispatcher; this.#invokedFromObjectDispatcher = options.invokedFromObjectDispatcher; this.request = options.request; this.url = options.url; } async getActor(identifier: string): Promise { if ( this.federation.actorCallbacks == null || this.federation.actorCallbacks.dispatcher == null ) { throw new Error("No actor dispatcher registered."); } if (this.#invokedFromActorDispatcher != null) { getLogger(["fedify", "federation", "actor"]).warn( "RequestContext.getActor({getActorIdentifier}) is invoked from " + "the actor dispatcher ({actorDispatcherIdentifier}); " + "this may cause an infinite loop.", { getActorIdentifier: identifier, actorDispatcherIdentifier: this.#invokedFromActorDispatcher.identifier, }, ); } return await this.federation.actorCallbacks.dispatcher( new RequestContextImpl({ ...this, invokedFromActorDispatcher: { identifier }, }), identifier, ); } async getObject( // deno-lint-ignore no-explicit-any cls: (new (...args: any[]) => TObject) & { typeId: URL }, values: Record, ): Promise { const callbacks = this.federation.objectCallbacks[cls.typeId.href]; if (callbacks == null) { throw new Error("No object dispatcher registered."); } for (const param of callbacks.parameters) { if (!(param in values)) { throw new TypeError(`Missing parameter: ${param}`); } } if (this.#invokedFromObjectDispatcher != null) { getLogger(["fedify", "federation"]).warn( "RequestContext.getObject({getObjectClass}, " + "{getObjectValues}) is invoked from the object dispatcher " + "({actorDispatcherClass}, {actorDispatcherValues}); " + "this may cause an infinite loop.", { getObjectClass: cls.name, getObjectValues: values, actorDispatcherClass: this.#invokedFromObjectDispatcher.cls.name, actorDispatcherValues: this.#invokedFromObjectDispatcher.values, }, ); } return await callbacks.dispatcher( new RequestContextImpl({ ...this, invokedFromObjectDispatcher: { cls, values }, }), values, // deno-lint-ignore no-explicit-any ) as any; } #signedKey: CryptographicKey | null | undefined = undefined; async getSignedKey(): Promise { if (this.#signedKey !== undefined) return this.#signedKey; return this.#signedKey = await verifyRequest(this.request, { ...this, timeWindow: this.federation.signatureTimeWindow, }); } #signedKeyOwner: Actor | null | undefined = undefined; async getSignedKeyOwner(): Promise { if (this.#signedKeyOwner !== undefined) return this.#signedKeyOwner; const key = await this.getSignedKey(); if (key == null) return this.#signedKeyOwner = null; return this.#signedKeyOwner = await getKeyOwner(key, this); } } export class InboxContextImpl extends ContextImpl implements InboxContext { readonly recipient: string | null; readonly activity: unknown; constructor( recipient: string | null, activity: unknown, options: ContextOptions, ) { super(options); this.recipient = recipient; this.activity = activity; } forwardActivity( forwarder: | SenderKeyPair | SenderKeyPair[] | { identifier: string } | { username: string } | { handle: string }, recipients: Recipient | Recipient[], options?: ForwardActivityOptions, ): Promise; forwardActivity( forwarder: | { identifier: string } | { username: string } | { handle: string }, recipients: "followers", options?: ForwardActivityOptions, ): Promise; async forwardActivity( forwarder: | SenderKeyPair | SenderKeyPair[] | { identifier: string } | { username: string } | { handle: string }, recipients: Recipient | Recipient[] | "followers", options?: ForwardActivityOptions, ): Promise { const logger = getLogger(["fedify", "federation", "inbox"]); let keys: SenderKeyPair[]; let identifier: string | null = null; if ( "identifier" in forwarder || "username" in forwarder || "handle" in forwarder ) { if ("identifier" in forwarder) { identifier = forwarder.identifier; } else { let username: string; if ("username" in forwarder) { username = forwarder.username; } else { username = forwarder.handle; logger.warn( 'The "handle" property for the forwarder parameter is deprecated; ' + 'use "identifier" or "username" instead.', { forwarder }, ); } if (this.federation.actorCallbacks?.handleMapper == null) { identifier = username; } else { const mapped = await this.federation.actorCallbacks.handleMapper( this, username, ); if (mapped == null) { throw new Error( `No actor found for the given username ${ JSON.stringify(username) }.`, ); } identifier = mapped; } } keys = await this.getKeyPairsFromIdentifier(identifier); if (keys.length < 1) { throw new Error( `No key pair found for actor ${JSON.stringify(identifier)}.`, ); } } else if (Array.isArray(forwarder)) { if (forwarder.length < 1) { throw new Error("The forwarder's key pairs are empty."); } keys = forwarder; } else { keys = [forwarder]; } let activityId: string | undefined = undefined; if (!hasSignature(this.activity)) { let hasProof: boolean; try { const activity = await Activity.fromJsonLd(this.activity, this); activityId = activity.id?.href; hasProof = await activity.getProof() != null; } catch { hasProof = false; } if (!hasProof) { if (options?.skipIfUnsigned) return; logger.warn( "The received activity {activityId} is not signed; even if it is " + "forwarded to other servers as is, it may not be accepted by " + "them due to the lack of a signature/proof.", ); } } if ( activityId == null && typeof this.activity === "object" && this.activity != null ) { activityId = "@id" in this.activity && typeof this.activity["@id"] === "string" ? this.activity["@id"] : "id" in this.activity && typeof this.activity.id === "string" ? this.activity.id : undefined; } if (recipients === "followers") { if (identifier == null) { throw new Error( 'If recipients is "followers", ' + "forwarder must be an actor identifier or username.", ); } const followers: Recipient[] = []; for await (const recipient of this.getFollowers(identifier)) { followers.push(recipient); } recipients = followers; } const inboxes = extractInboxes({ recipients: Array.isArray(recipients) ? recipients : [recipients], preferSharedInbox: options?.preferSharedInbox, excludeBaseUris: options?.excludeBaseUris, }); logger.debug("Forwarding activity {activityId} to inboxes:\n{inboxes}", { inboxes: globalThis.Object.keys(inboxes), activityId, activity: this.activity, }); if (options?.immediate || this.federation.queue == null) { if (options?.immediate) { logger.debug( "Forwarding activity immediately without queue since immediate " + "option is set.", ); } else { logger.debug( "Forwarding activity immediately without queue since queue is not " + "set.", ); } const promises: Promise[] = []; for (const inbox in inboxes) { promises.push( sendActivity({ keys, activity: this.activity, activityId: activityId, inbox: new URL(inbox), }), ); } await Promise.all(promises); return; } logger.debug( "Enqueuing activity {activityId} to forward later.", { activityId, activity: this.activity }, ); const keyJwkPairs: SenderKeyJwkPair[] = []; for (const { keyId, privateKey } of keys) { const privateKeyJwk = await exportJwk(privateKey); keyJwkPairs.push({ keyId: keyId.href, privateKey: privateKeyJwk }); } for (const inbox in inboxes) { const message: OutboxMessage = { type: "outbox", id: crypto.randomUUID(), keys: keyJwkPairs, activity: this.activity, activityId, inbox, started: new Date().toISOString(), attempt: 0, headers: {}, }; this.federation.queue.enqueue(message); } } } interface ActorCallbacks { dispatcher?: ActorDispatcher; keyPairsDispatcher?: ActorKeyPairsDispatcher; handleMapper?: ActorHandleMapper; authorizePredicate?: AuthorizePredicate; } interface ObjectCallbacks { dispatcher: ObjectDispatcher; parameters: Set; authorizePredicate?: ObjectAuthorizePredicate; } interface SendActivityInternalOptions extends SendActivityOptions { collectionSync?: string; contextData: TContextData; } function notFound(_request: Request): Response { return new Response("Not Found", { status: 404 }); } function notAcceptable(_request: Request): Response { return new Response("Not Acceptable", { status: 406, headers: { Vary: "Accept, Signature", }, }); } function unauthorized(_request: Request): Response { return new Response("Unauthorized", { status: 401, headers: { Vary: "Accept, Signature", }, }); } /** * Generates or extracts a unique identifier for a request. * * This function first attempts to extract an existing request ID from standard * tracing headers. If none exists, it generates a new one. The ID format is: * * - If from headers, uses the existing ID. * - If generated, uses format `req_` followed by a base36 timestamp and * 6 random chars. * * @param request The incoming HTTP request. * @returns A string identifier unique to this request. */ function getRequestId(request: Request): string { // First try to get existing trace ID from standard headers: const traceId = request.headers.get("X-Request-Id") || request.headers.get("X-Correlation-Id") || request.headers.get("Traceparent")?.split("-")[1]; if (traceId != null) return traceId; // Generate new ID if none exists: // - Use timestamp for rough chronological ordering // - Add random suffix for uniqueness within same millisecond // - Prefix to distinguish from potential existing IDs const timestamp = Date.now().toString(36); const random = Math.random().toString(36).slice(2, 8); return `req_${timestamp}${random}`; }